Cryptanalysis of simple three-party key exchange protocol (S-3PAKE)
Password-authenticated key exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. Recently, Lu and Cao proposed a three-party password-authenticated key exchange protocol, so called S-3PAKE, based on ideas of the Abdalla and Point...
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Published: |
ELSEVIER SCIENCE INC
2008
|
| Subjects: | |
| Online Access: | http://shdl.mmu.edu.my/2297/ |
| _version_ | 1848790018358771712 |
|---|---|
| author | Phan, Raphael C.-W. Yau, Wei-Chuen Goi, Bok-Min |
| author_facet | Phan, Raphael C.-W. Yau, Wei-Chuen Goi, Bok-Min |
| author_sort | Phan, Raphael C.-W. |
| building | MMU Institutional Repository |
| collection | Online Access |
| description | Password-authenticated key exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. Recently, Lu and Cao proposed a three-party password-authenticated key exchange protocol, so called S-3PAKE, based on ideas of the Abdalla and Pointcheval two-party SPAKE extended to three parties. S-3PAKE can be seen to have a structure alternative to that of another three-party PAKE protocol (3PAKE) by Abdalla and Pointcheval. Furthermore, a simple improvement to S-3PAKE was proposed very recently by Chung and Ku to resist the kind of attacks that applied to earlier versions of 3PAKE. In this paper, we show that S-3PAKE falls to unknown key-share attacks by any other client, and undetectable online dictionary attacks by any adversary. The latter attack equally applies to the recently improved S-3PAKE. Indeed, the provable security approach should be taken when designing PAKEs; and furthermore our results highlight that extra cautions still be exercised when defining models and constructing proofs in this direction. (c) 2008 Elsevier Inc. All rights reserved. |
| first_indexed | 2025-11-14T18:05:56Z |
| format | Article |
| id | mmu-2297 |
| institution | Multimedia University |
| institution_category | Local University |
| last_indexed | 2025-11-14T18:05:56Z |
| publishDate | 2008 |
| publisher | ELSEVIER SCIENCE INC |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | mmu-22972011-08-24T06:25:32Z http://shdl.mmu.edu.my/2297/ Cryptanalysis of simple three-party key exchange protocol (S-3PAKE) Phan, Raphael C.-W. Yau, Wei-Chuen Goi, Bok-Min T Technology (General) QA75.5-76.95 Electronic computers. Computer science Password-authenticated key exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. Recently, Lu and Cao proposed a three-party password-authenticated key exchange protocol, so called S-3PAKE, based on ideas of the Abdalla and Pointcheval two-party SPAKE extended to three parties. S-3PAKE can be seen to have a structure alternative to that of another three-party PAKE protocol (3PAKE) by Abdalla and Pointcheval. Furthermore, a simple improvement to S-3PAKE was proposed very recently by Chung and Ku to resist the kind of attacks that applied to earlier versions of 3PAKE. In this paper, we show that S-3PAKE falls to unknown key-share attacks by any other client, and undetectable online dictionary attacks by any adversary. The latter attack equally applies to the recently improved S-3PAKE. Indeed, the provable security approach should be taken when designing PAKEs; and furthermore our results highlight that extra cautions still be exercised when defining models and constructing proofs in this direction. (c) 2008 Elsevier Inc. All rights reserved. ELSEVIER SCIENCE INC 2008-07 Article NonPeerReviewed Phan, Raphael C.-W. and Yau, Wei-Chuen and Goi, Bok-Min (2008) Cryptanalysis of simple three-party key exchange protocol (S-3PAKE). Information Sciences, 178 (13). pp. 2849-2856. ISSN 00200255 http://dx.doi.org/10.1016/j.ins.2008.02.008 doi:10.1016/j.ins.2008.02.008 doi:10.1016/j.ins.2008.02.008 |
| spellingShingle | T Technology (General) QA75.5-76.95 Electronic computers. Computer science Phan, Raphael C.-W. Yau, Wei-Chuen Goi, Bok-Min Cryptanalysis of simple three-party key exchange protocol (S-3PAKE) |
| title | Cryptanalysis of simple three-party key exchange protocol (S-3PAKE) |
| title_full | Cryptanalysis of simple three-party key exchange protocol (S-3PAKE) |
| title_fullStr | Cryptanalysis of simple three-party key exchange protocol (S-3PAKE) |
| title_full_unstemmed | Cryptanalysis of simple three-party key exchange protocol (S-3PAKE) |
| title_short | Cryptanalysis of simple three-party key exchange protocol (S-3PAKE) |
| title_sort | cryptanalysis of simple three-party key exchange protocol (s-3pake) |
| topic | T Technology (General) QA75.5-76.95 Electronic computers. Computer science |
| url | http://shdl.mmu.edu.my/2297/ http://shdl.mmu.edu.my/2297/ http://shdl.mmu.edu.my/2297/ |